How to fix #vue/cli Vulnerabilities? - vue.js

I having vuejs-3 project and I am looking for 0 vulnerabilities. When I do npm install I am getting 48 vulnerabilities with current version node and npm. Even if I try npm audit fix --force still Issue is the same. Can someone help me please?
C:\Users\achalapa\git\cnsr-odrplat-wcm-cld-vue\mcafee-consumer-wcm-cld-vue.lib> npm install
-npm WARN deprecated #hapi/bourne#1.3.2: This version has been deprecated and is no longer supported or maintained
-npm WARN deprecated #hapi/topo#3.1.6: This version has been deprecated and is no longer supported or maintained
-npm WARN deprecated har-validator#5.1.5: this library is no longer supported
-npm WARN deprecated chokidar#2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
-npm WARN deprecated chokidar#2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
-npm WARN deprecated html-webpack-plugin#3.2.0: 3.x is no longer supported
-npm WARN deprecated uuid#3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
-npm WARN deprecated request#2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
-npm WARN deprecated #hapi/hoek#8.5.1: This version has been deprecated and is no longer supported or maintained
-npm WARN deprecated #hapi/joi#15.1.1: Switch to 'npm install joi'
-added 923 packages, and audited 1694 packages in 4m
-105 packages are looking for funding
run `npm fund` for details
-48 moderate severity vulnerabilities
-To address issues that do not require attention, run:
npm audit fix
-To address all issues (including breaking changes), run:
npm audit fix --force
48 Vulnerabilities are coming out when we
add below packages
*"#vue/cli-plugin-babel": "~4.5.13",
"#vue/cli-plugin-typescript": "~4.5.13",
"#vue/cli-plugin-vuex": "~4.5.13",
"#vue/cli-service": "4.5.13",*
Is this okay to proceed?
Is this harmful for my project?
package.json
{
"name": "mcafee-consumer-wcm-cld-vue.lib",
"version": "1.0.0",
"private": true,
"sideEffects": false,
"scripts": {
"bundle": "set NODE_ENV=production && npm run lint && webpack --config webpack.dlp.js --progress --mode=production",
"bundle-dev": "set NODE_ENV=development && npm run lint && webpack --config webpack.dlp.js --progress --mode=development",
"lint": "eslint . --ext .ts,.js --ignore-pattern src/**/*.d.ts",
"lint-and-fix": "eslint . --ext .ts --fix"
},
"dependencies": {
"#vuelidate/core": "^2.0.0-alpha.18",
"bootstrap": "^5.0.1",
"core-js": "^3.13.0",
"intersection-observer": "^0.12.0",
"vue": "^3.0.0",
"vuex": "^4.0.0-0",
"whatwg-fetch": "^3.6.2"
},
"devDependencies": {
"#babel/core": "^7.14.3",
"#babel/plugin-syntax-dynamic-import": "^7.8.3",
"#babel/plugin-transform-arrow-functions": "^7.13.0",
"#babel/plugin-transform-runtime": "^7.14.3",
"#babel/preset-env": "^7.14.2",
"#babel/preset-typescript": "^7.13.0",
"#types/bootstrap": "^5.0.15",
"#types/core-js": "^2.5.4",
"#types/lodash": "^4.14.170",
"#typescript-eslint/eslint-plugin": "^4.25.0",
"#typescript-eslint/eslint-plugin-tslint": "^4.25.0",
"#typescript-eslint/parser": "^4.25.0",
"#vue/cli-plugin-babel": "~4.5.13",
"#vue/cli-plugin-typescript": "~4.5.13",
"#vue/cli-plugin-vuex": "~4.5.13",
"#vue/cli-service": "4.5.13",
"#vue/compiler-sfc": "^3.0.11",
"#vue/eslint-config-prettier": "^6.0.0",
"#vue/eslint-config-typescript": "^7.0.0",
"babel-loader": "^8.2.2",
"babel-preset-typescript-vue3": "^2.0.12",
"clean-webpack-plugin": "^3.0.0",
"eslint": "^7.27.0",
"eslint-config-prettier": "^8.3.0",
"eslint-loader": "^4.0.2",
"eslint-plugin-jsdoc": "^35.0.0",
"eslint-plugin-prettier": "^3.4.0",
"eslint-plugin-vue": "^7.9.0",
"fork-ts-checker-webpack-plugin": "^3.1.1",
"html-webpack-plugin": "^5.3.1",
"prettier": "^2.3.0",
"terser-webpack-plugin": "^5.1.2",
"ts-loader": "^9.2.2",
"tslint": "^6.1.3",
"typescript": "^4.3.2",
"typescript-tslint-plugin": "^1.0.1",
"vue-loader": "^16.2.0",
"webpack": "^5.37.1",
"webpack-bundle-analyzer": "^4.4.2",
"webpack-cli": "^4.7.0",
"webpack-merge": "^4.1.4"
}
}

If all vulnerabilities are coming only from those 4 packages - ie. vue/cli, than you can safely ignore it as only place where this code will be executed is on your own machine during development and build. If we agree that we trust the creators of Vue CLI that they do not use those vulnerable packages in a way harmful to their customers (developers using Vue CLI), we can safely ignore those warnings as no code from these packages will be included in the app bundle....
What interests you is only vuln. of packages included in dependencies part of package.json as this is code that will make it to the final app bundle and will be downloaded and executed by our users/customers
Use this command instead: npm audit --only=prod

npm prune worked for me!
I had an extraneous package installed with npm install #vue/cli -g called subscriptions-transport-ws which was no longer maintained and used a bunch of deprecated packages.
After the prune, I checked and it was gone using npm ls subscriptions-transport-ws. I also had no vulnerabilities anymore.

For anyone getting vulnerability warnings from #vue/cli:
#vue/cli is now in maintenance mode and it is recommended to create projects using create-vue
From their site:
⚠️ Vue CLI is in Maintenance Mode!
For new projects, it is now recommended to use create-vue to scaffold Vite-based projects. Also refer to the Vue 3 Tooling Guide for the latest recommendations.
$ npm create vue#3
This should properly deal with the npm audit warnings at which point you should have none from vue.

Does this happens when you are trying to create the project if so, check system environment variables in windows, my problem was that only one path was added but you need two paths. One under User varables for "YourUser" under path.
C:\Program Files \nodejs\
And second path under System variables also under path
C:\Program Files \nodejs\
This resolved problem for me, hope it helps!

Related

ng serve is not working after Angular 8 update

Error
Could not find the implementation for builder #angular-devkit/build-angular:dev-server
ng serve
Could not find the implementation for builder #angular-devkit/build-angular:dev-server
Error: Could not find the implementation for builder #angular-devkit/build-angular:dev-server
at WorkspaceNodeModulesArchitectHost.resolveBuilder (D:\angular-tour-of-heroes\node_modules\#angular\cli\node_modules\#angular-devkit\architect\node\node-modules-architect-host.js:49:19)
at ServeCommand.initialize (D:\angular-tour-of-heroes\node_modules\#angular\cli\models\architect-command.js:135:55)
at async ServeCommand.validateAndRun (D:\angular-tour-of-heroes\node_modules\#angular\cli\models\command.js:127:9)
at async Object.runCommand (D:\angular-tour-of-heroes\node_modules\#angular\cli\models\command-runner.js:178:24)
at async default_1 (D:\angular-tour-of-heroes\node_modules\#angular\cli\lib\cli\index.js:32:31)
ng version
Angular CLI: 8.0.3
Node: 12.4.0
OS: win32 x64
Angular: 7.2.2
... animations, cdk, common, compiler, core, forms, http
... platform-browser, platform-browser-dynamic, router
... service-worker
Package Version
-----------------------------------------------------------
#angular-devkit/architect 0.13.9
#angular-devkit/build-angular 0.13.9
#angular-devkit/build-optimizer 0.13.9
#angular-devkit/build-webpack 0.13.9
#angular-devkit/core 8.0.3
#angular-devkit/schematics 8.0.3
#angular/cli 8.0.3
#angular/compiler-cli 7.2.15
#angular/language-service 7.2.15
#angular/material 7.3.7
#angular/pwa 0.800.3
#ngtools/webpack 7.3.9
#schematics/angular 8.0.3
#schematics/update 0.13.9
rxjs 6.3.3
typescript 3.2.4
webpack 4.29.0
Package Json
{
"name": "angular-tour-of-heroes",
"version": "0.0.0",
"license": "MIT",
"private": true,
"dependencies": {
"#angular/animations": "7.2.2",
"#angular/cdk": "~7.2.2",
"#angular/common": "7.2.2",
"#angular/compiler": "7.2.2",
"#angular/core": "7.2.2",
"#angular/forms": "7.2.2",
"#angular/http": "7.2.2",
"#angular/material": "^7.2.2",
"#angular/platform-browser": "7.2.2",
"#angular/platform-browser-dynamic": "7.2.2",
"#angular/pwa": "^0.800.3",
"#angular/router": "7.2.2",
"#angular/service-worker": "7.2.2",
"angular-datatables": "^7.0.0",
"angular-in-memory-web-api": "0.8.0",
"angular2-datatable": "^0.6.0",
"bootstrap": "^4.3.1",
"core-js": "2.6.3",
"datatables.net": "^1.10.19",
"datatables.net-buttons": "^1.5.6",
"datatables.net-buttons-dt": "^1.5.6",
"datatables.net-dt": "^1.10.19",
"hammerjs": "^2.0.8",
"jasmine-core": "3.3.0",
"jasmine-marbles": "0.4.1",
"jquery": "^3.4.1",
"jszip": "^3.2.1",
"ng-select2": "^1.0.8",
"ng2-select2": "^1.0.0-beta.16",
"ngx-bootstrap": "^3.2.0",
"rxjs": "6.3.3",
"rxjs-compat": "^6.3.3",
"select2": "^4.0.6-rc.1",
"tslib": "^1.9.0",
"web-animations-js": "2.3.1",
"zone.js": "0.8.29"
},
"scripts": {
"ng": "ng",
"start": "ng serve",
"build": "ng build",
"test": "ng test",
"lint": "ng lint",
"e2e": "ng e2e"
},
"devDependencies": {
"#angular-devkit/build-angular": "^0.13.9",
"#angular-devkit/core": "^8.0.3",
"#angular/cli": "^8.0.3",
"#angular/compiler-cli": "^7.2.7",
"#angular/language-service": "~7.2.2",
"#types/datatables.net": "^1.10.15",
"#types/datatables.net-buttons": "^1.4.1",
"#types/jasmine": "~3.3.8",
"#types/jasminewd2": "^2.0.6",
"#types/jquery": "^3.3.29",
"#types/node": "~10.12.18",
"codelyzer": "~4.5.0",
"jasmine-spec-reporter": "~4.2.1",
"karma": "^4.0.1",
"karma-chrome-launcher": "~2.2.0",
"karma-coverage-istanbul-reporter": "~2.0.1",
"karma-jasmine": "^2.0.1",
"karma-jasmine-html-reporter": "^1.4.0",
"protractor": "~5.4.0",
"ts-node": "~8.0.1",
"tslint": "~5.12.1",
"typescript": "~3.2.4"
}
}
Solution i have tried
remove node_module,package-lock.json
npm install --save-dev #angular-devkit/build-angular
npm install
npm update
npm install -g typescript#latest
i tried to update
PS D:\angular-tour-of-heroes> ng update
Using package manager: 'npm'
Collecting installed dependencies...
Found 58 dependencies.
We analyzed your package.json, there are some packages to update:
Name Version Command to update
--------------------------------------------------------------------------------
#angular/cdk 7.2.2 -> 8.0.1 ng update #angular/cdk
#angular/core 7.2.15 -> 8.0.1 ng update #angular/core
#angular/core 7.2.2 -> 7.2.15 ng update #angular/core
#angular/material 7.3.7 -> 8.0.1 ng update #angular/material
rxjs 6.3.3 -> 6.5.2 ng update rxjs
There might be additional packages that are outdated.
Run "ng update --all" to try to update all at the same time.
PS D:\angular-tour-of-heroes> ng update #angular/cdk
Repository is not clean. Please commit or stash any changes before updating.
npm cache verify
I have tried to Update Node/Npm version
node -v
v12.4.0
npm -v
6.9.0
I have also followed link Could not find module "#angular-devkit/build-angular"
Angular Guide for upgrade
https://update.angular.io/#7.0:8.0
D:\angular-tour-of-heroes> ng update #angular/cli #angular/core
Repository is not clean. Please commit or stash any changes before updating.
After fixing git issue
PS D:\angular-tour-of-heroes> ng update --all
Using package manager: 'npm'
Collecting installed dependencies...
Found 58 dependencies.
Package "#angular/compiler-cli" has an incompatible peer dependency to "typescript" (requires ">=3.4 <3.5", would install "3.5.2")
Package "#angular-devkit/build-angular" has an incompatible peer dependency to "typescript" (requires ">=3.1 < 3.5", would install "3.5.2")
Package "angular2-datatable" has an incompatible peer dependency to "#angular/common" (requires "^2.0.0" (extended), would install "8.0.1").
Package "#angular/http" has an incompatible peer dependency to "#angular/core" (requires "7.2.15", would install "8.0.1")
Package "angular2-datatable" has an incompatible peer dependency to "#angular/core" (requires "^2.0.0" (extended), would install "8.0.1").
Package "angular2-datatable" has an incompatible peer dependency to "#angular/platform-browser" (requires "^2.0.0" (extended), would install "8.0.1").
Package "#angular/compiler-cli" has an incompatible peer dependency to "typescript" (requires ">=3.4 <3.5", would install "3.5.2").
Package "angular2-datatable" has an incompatible peer dependency to "rxjs" (requires "^5.0.0-beta.12", would install "6.5.2").
Incompatible peer dependencies found. See above
After trying all solution still cannot run ng serve in cli.
any help is most welcome
Solution
After upgrading to Angular 8
problem may occur
ng update --all
Using package manager: 'npm'
Collecting installed dependencies...
Found 58 dependencies.
Package "#angular/compiler-cli" has an incompatible peer dependency to "typescript" (requires ">=3.4 <3.5", would install "3.5.2")
Package "#angular-devkit/build-angular" has an incompatible peer dependency to "typescript" (requires ">=3.1 < 3.5", would install "3.5.2")
Package "angular2-datatable" has an incompatible peer dependency to "#angular/common" (requires "^2.0.0" (extended), would install "8.0.1").
Package "#angular/http" has an incompatible peer dependency to "#angular/core" (requires "7.2.15", would install "8.0.1")
Package "angular2-datatable" has an incompatible peer dependency to "#angular/core" (requires "^2.0.0" (extended), would install "8.0.1").
Package "angular2-datatable" has an incompatible peer dependency to "#angular/platform-browser" (requires "^2.0.0" (extended), would install "8.0.1").
Package "#angular/compiler-cli" has an incompatible peer dependency to "typescript" (requires ">=3.4 <3.5", would install "3.5.2").
Package "angular2-datatable" has an incompatible peer dependency to "rxjs" (requires "^5.0.0-beta.12", would install "6.5.2").
Incompatible peer dependencies found. See above
Solution for these error
ng update --all --force
Then error
ERROR in The Angular Compiler requires TypeScript >=3.4.0 and <3.5.0 but 3.5.2 was found instead.
npm install typescript#">=3.4.0 <3.5.0" --save-dev --save-exact
Just to be sure run the following steps:
npm uninstall -g #angular/cli
npm cache verify
npm install -g #angular/cli#latest
Then in your Local project package:
rm -rf node_modules dist
npm install --save-dev #angular/cli#latest
npm i
ng update #angular/cli
ng update #angular/core
will fix the issue
Here's what finally worked for me, from my project folder
nvm use 10.14.1
rm -rf node_modules dist
npm install --save-dev #angular/cli#latest
ng update --all --force --allow-dirty
npm install --save zone.js#0.9.1
You may have to resolve other dependencies, depending on the packages used by your application.

NPM still gives warnings, npm audix fix not working

My project's package.json dependencies:
"dependencies": {
"#babel/cli": "^7.0.0-beta.51",
"#babel/core": "^7.0.0-beta.51",
"#babel/preset-env": "^7.0.0-beta.51",
"babel-loader": "^8.0.0-beta.4",
"babel-plugin-add-module-exports": "^1.0.0",
"babel-plugin-istanbul": "^5.1.0",
"babel-preset-env": "^7.0.0-beta.3",
"babel-register": "^7.0.0-beta.3",
"build": "^0.1.4",
"jsdom": "^14.0.0",
"jsdom-global": "3.0.2",
"moment": "^2.24.0",
"nyc": "^13.1.0",
"rimraf": "^2.6.3",
"webpack": "^4.12.2",
"webpack-cli": "^3.0.8",
"yargs": "^13.2.2"
},
When I run "npm i", I still see:
audited 14173 packages in 5.084s
found 6 vulnerabilities (4 low, 1 moderate, 1 critical)
run `npm audit fix` to fix them, or `npm audit` for details
When I run "npm audit":
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Moderate Denial of Service
Package js-yaml
Patched in >=3.13.0
Dependency of build
Path build > jxLoader > js-yaml
More info https://npmjs.com/advisories/788
Critical Deserialization Code Execution
Package js-yaml
Patched in >= 2.0.5
Dependency of build
Path build > jxLoader > js-yaml
More info https://npmjs.com/advisories/16
Low Incorrect Handling of Non-Boolean Comparisons During
Minification
Package uglify-js
Patched in >= 2.4.24
Dependency of build
Path build > uglify-js
More info https://npmjs.com/advisories/39
Low Regular Expression Denial of Service
Package uglify-js
Patched in >=2.6.0
Dependency of build
Path build > uglify-js
More info https://npmjs.com/advisories/48
Low Regular Expression Denial of Service
Package braces
Patched in >=2.3.1
Dependency of babel-register
Path babel-register > babel-core > micromatch > braces
More info https://npmjs.com/advisories/786
Low Regular Expression Denial of Service
Package timespan
Patched in No patch available
Dependency of build
Path build > timespan
More info https://npmjs.com/advisories/533
When I try to run "npm audit fix" it say:
up to date in 4.704s
fixed 0 of 6 vulnerabilities in 14173 scanned packages
6 vulnerabilities required manual review and could not be updated
I already tried to delete the "package-lock.json" file and try again, already tried to clear npm cache, and tried to update the packages manually, none of these steps seems to be working. Does anybody know how to solve this?
Thanks.
I finally fixed it myself, updated all packages to the latest version manually, and removed the "build": "^0.1.4" package, since it no longer updates.

My npm module seems to be partially disappearing after a while

I have tried over and over and over to find a solution, but I seriously can not understand what is going on.
$ npm -v
6.5.0
$ node -v
v10.10.0
My package.json pulls in the followin dependencies:
{
"private": true,
"scripts": {
"dev": "NODE_ENV=development node_modules/webpack/bin/webpack.js --progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js",
"production": "NODE_ENV=production node_modules/webpack/bin/webpack.js --progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js",
"tests": "phpunit --testdox"
},
"devDependencies": {
"laravel-mix": "^3.0.0",
"lodash": "^4.17.11",
"purifycss-webpack": "^0.7.0",
"tailwindcss": "^0.7.2",
"webpack": "^3.12.0"
},
"dependencies": {
"#bugsnag/js": "^5.1.0",
"#bugsnag/plugin-vue": "^5.1.0",
"axios": "^0.17.1",
"babel-preset-es2015": "^6.24.1",
"blueimp-md5": "^2.10.0",
"clientjs": "^0.1.11",
"css-loader": "^0.28.11",
"dotenv": "^6.2.0",
"glob-all": "^3.1.0",
"js-cookie": "^2.2.0",
"laravel-echo": "^1.4.1",
"libphonenumber-js": "^1.6.9",
"md5": "^2.2.1",
"moment": "^2.22.2",
"postcss-import": "^11.1.0",
"purgecss-webpack-plugin": "^1.4.0",
"purify-css": "^1.2.6",
"pusher-js": "^4.3.1",
"qs": "^6.6.0",
"vee-validate": "^2.1.3",
"vue": "^2.5.17",
"vue-i18n": "^8.3.2",
"vue-router": "^2.8.1",
"vue-wysiwyg": "^1.7.2",
"vuex": "^3.0.1"
}
}
I can do an npm run dev 'x' times without any issue, when all of a sudden, without ever having ran another npm command, or pulled in new dependencies, or whatever, it can all of a sudden complain about a missing modules.
Module build failed: Error: Cannot find module 'es-to-primitive/es6'
This is just an example; it has been other modules as well.
My solution to this is basically:
$ rm -f -R ./node_modules/*
$ npm install
$ npm run dev
This always fixes the issue. I just don't understand why. The dependency should have been installed prior because my previous builds ran just fine. I'm running on a Macbook Pro, and I seriously have no idea what might be causing this behaviour.
On my last run, I checked node_modules/es-to-primitive and there was no es6.js file, so I understand the error, but after doing the above fix, it got that file installed. I guess I just don't understand how it can 'disappear' again after a while...
Anything I'm doing wrong or don't understand properly?
Thanks!
I hope I am not too late, but I had the exact same problem and it was driving me absolutely insane. I had to delete the node_modules directory and reinstall everything up to several times a day, and nothing I did made any difference. It then crossed my mind that iCloud Drive syncing may be causing the problem, as I had my project directory saved in ~/Documents. I tried to delete the directory from iCloud Drive and let it completely sync, and it made it somewhat better but there still were issues with some of the modules. I asked myself, there must be a way to exclude a directory from syncing? And yes, it is!
Apparently, adding .nosync to the name of a file or directory will exclude it from syncing to iCloud Drive. Earlier you could add a blank file named .nosync to any directory to exclude it, but it seems this no longer works, at least not for me on macOS 10.15.2.
With that said, I am very happy to share that renaming the node_modules directory to node_modules.nosync, and adding a link to the new directory to keep npm from complaining, seems to have solved the issue:
$ mv node_modules node_modules.nosync/ && ln -s node_modules.nosync node_modules
After doing this, I have not had to delete and reinstall the modules even once! Everything just works, just as it should.

Couldn't find preset "env" relative to directory

So far I have been unsuccessful in an attempt to use the env preset. I browsed the git issues that others have raised such as this, and implemented some of the suggestions that appeared to work for others, but no luck so far.
Here's what I'm working with:
package.json
"bundle": "browserify ./client/app.js -d -o ./public/o.js -t [ babelify --presets [ env ] ]",
"devDependencies": {
"#babel/cli": "^7.0.0-beta.40",
"#babel/preset-env": "^7.0.0-beta.40",
"babel-core": "^6.26.0",
"babelify": "^8.0.0"
...
And here is the error:
Error: Couldn't find preset "env" relative to directory "/Users/user/Documents/git/ts/client" while parsing file: /Users/user/Documents/git/ts/client/app.js
Anything I could be missing?
Many of the github issues relating to this suggest that babel-preset-env is not installed.
Indeed it doesn't seem to be there in your package.json. Add & install it by doing this:
npm install babel-preset-env --save
Though the earlier answers do provide the right solution and it works. But this should be installed as a dev dependency not as the core one. As this is needed only for development work. If you are using npm you can use:
npm install --save-dev babel-preset-env
or if you are using yarn as package manager then use:
yarn add --dev babel-preset-env
You just need to install babel-preset-env and your code will compile properly.
npm install babel-preset-env
Basically, this type of error occurs due to mismatch in versions of babel-core, babel-preset-env and babel-loader. Below are matched and tested devDependencies, which worked for me.
"devDependencies": {
"#babel/core": "^7.11.6",
"#babel/preset-env": "^7.11.5",
"babel-loader": "^8.1.0",
"html-webpack-plugin": "^4.5.0",
"install": "^0.13.0",
"npm": "^6.14.8",
"regenerator-runtime": "^0.13.7",
"webpack": "^4.44.2",
"webpack-cli": "^3.3.12",
"webpack-dev-server": "^3.11.0"
},
"dependencies": {
"babel-polyfill": "^6.26.0"
}
You can check whether .babelrc file exists in the directory above or above the directory. Just delete the file is OK

npm states modules are missing that aren't

Below is my package.json file.
{
"name": "test",
"version": "1.0.0",
"description": "web_app",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"author": "Brad",
"license": "ISC",
"devDependencies": {
"babel-preset-es2015": "^6.9.0",
"browser-sync": "^2.13.0",
"del": "^2.2.0",
"gulp": "^3.9.1",
"gulp-autoprefixer": "^3.1.0",
"gulp-babel": "^6.1.2",
"gulp-changed": "^1.3.0",
"gulp-cssnano": "^2.1.2",
"gulp-file-include": "^0.13.7",
"gulp-htmlmin": "^2.0.0",
"gulp-if": "^2.0.1",
"gulp-sass": "^2.3.2",
"gulp-size": "^2.1.0",
"gulp-sourcemaps": "^1.6.0",
"gulp-uglify": "^1.5.3",
"gulp-uncss": "^1.0.5",
"gulp-useref": "^3.1.0",
"htmlmin": "0.0.6",
"run-sequence": "^1.2.1"
},
"dependencies": {
"rxjs-es": "^5.0.0-beta.9"
}
}
When in run 'npm install' I get the following errors:
npm WARN deprecated minimatch#2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs#3.0.8: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs#^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
npm WARN deprecated minimatch#0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated lodash#1.0.2: lodash#<3.0.0 is no longer maintained. Upgrade to lodash#^4.0.0.
npm WARN deprecated graceful-fs#1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs#^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
npm WARN deprecated minimatch#0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch#1.0.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN prefer global node-gyp#3.3.1 should be installed with -g
As I don't have modules like 'minimatch' in my package.json file I'm assuming that other modules depend on it. So I installed all the outdated modules globally. This didn't remove the error messages. If I try and run say a gulp task it will work, however, if I restart my computer and then try and run the same gulp task, it will say modules are missing, even though they are in the node_modules folder. Any ideas?
Yes, your dependencies are using deprecated packages.
Try running npm ls to find which dependencies are referencing old packages.
Update minimatch to latest version 3.0.2 by running following command
npm update -g minimatch#3.0.2